Setting up a home firewall


Evo
7th May 2004, 08:09
Hi folks

I've just got myself a Netgear DG834G (ADSL modem, router, firewall and WAP all in one box). In general it's a very good bit of kit, very simple to setup (although it seems to have issues with wireless access and VPNs, but that's another story). So far I'd recommend it without hesitation.

The built-in firewall has the quite reasonable defaults of Inbound: Block All, Outbound: Allow All. I can't argue with the former, as I'm not hosting any services, but I'd like to toughen up the latter to restrict outbound access to the ports that I actually use (so if anything nasty does get in I can get warning that it's trying to get out again). I can guess a few (port 80, for example) but my knowledge of TCP/IP is fairly basic - can anybody offer any guidance? Applications are the usual internet/email plus VPN access to work. No instant messaging, file sharing, games or anything like that.

I know I could block all outbound and open when things break, but I'd prefer not to do that... :)

HelenD
7th May 2004, 18:14
I blocked all outbound and blocked all UDP and blocked 135 through 139 as well as 445. I have set SMTP (TCP port 25) to only allow my network addresses to send mail just in case it's possible to use the router for spam. I open the FTP ports 21 and 21 only when I want to use FTP. I have also opened the POP3 port (110) and the ports to allow MSN, AOL, AIM and ICQ to work. I had to locate the IP address for pprune chat and open up a link to that.
I may not have done it correctly but it's the best I could do with my knowledge. Hope this info helps.
I do seem to get a lot of DOS reports from my router; I don't know the exact significance or have any idea of what to do about them.
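The egress policy HelenD describes (default block, all UDP blocked, 135-139 and 445 blocked, SMTP only from her own addresses, POP3 and FTP opened) can be written down as an ordered rule table and exercised against sample traffic. The script below is an added example and is not anything from the thread or from Netgear's firmware; the LAN range 192.168.0.0/24, the "mail hosts" range 192.168.0.0/29 and the sample connection attempts are all constructed, and the first-match-wins evaluation is a common firewall semantic assumed here, not the DG834G's documented behaviour.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
LAN = ip_network("192.168.0.0/24")        # constructed: the home LAN behind the router
MAIL_HOSTS = ip_network("192.168.0.0/29")  # constructed: the only machines allowed to send mail


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "block"
    proto: str                # "tcp", "udp" or "any"
    ports: range              # destination ports the rule covers
    src: IPv4Network = ANY    # source addresses the rule applies to
    note: str = ""            # why the rule exists; surfaces in the audit output


# Ordered outbound rule table modelled on HelenD's description.
OUTBOUND_RULES = [
    Rule("block", "any", range(135, 140), note="Windows LAN services (135-139)"),
    Rule("block", "any", range(445, 446), note="SMB over TCP (445)"),
    Rule("block", "udp", range(0, 65536), note="all UDP"),
    Rule("allow", "tcp", range(25, 26), MAIL_HOSTS, note="SMTP, own addresses only"),
    Rule("allow", "tcp", range(110, 111), note="POP3"),
    Rule("allow", "tcp", range(21, 22), note="FTP control, opened when needed"),
    Rule("allow", "tcp", range(80, 81), note="web browsing"),
]


def evaluate(src, proto, dport, rules=OUTBOUND_RULES, default="block"):
    """First matching rule wins; anything unmatched falls to the default
    (block all outbound). Returns (action, reason)."""
    src_ip = ip_address(src)
    for rule in rules:
        if rule.proto != "any" and rule.proto != proto:
            continue
        if dport not in rule.ports or src_ip not in rule.src:
            continue
        return rule.action, rule.note
    return default, "default policy"


def audit(attempts, rules=OUTBOUND_RULES):
    """Run a batch of (src, proto, dport) attempts through the policy and return
    the blocked ones, i.e. what the router would log and warn about."""
    blocked = []
    for src, proto, dport in attempts:
        action, why = evaluate(src, proto, dport, rules)
        if action == "block":
            blocked.append((src, proto, dport, why))
    return blocked


# Constructed sample of outbound connection attempts from LAN machines.
SAMPLE_ATTEMPTS = [
    ("192.168.0.10", "tcp", 80),    # ordinary web browsing
    ("192.168.0.2", "tcp", 25),     # mail from an allowed host
    ("192.168.0.100", "tcp", 25),   # mail from a host outside MAIL_HOSTS
    ("192.168.0.10", "udp", 53),    # DNS lookup, caught by the "all UDP" rule
    ("192.168.0.20", "tcp", 139),   # NetBIOS session leaving the LAN
    ("192.168.0.20", "tcp", 445),   # SMB leaving the LAN
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_ATTEMPTS):
        print("BLOCKED", *entry)
```

Running the audit shows the trade-off the thread goes on to discuss: the 135-139 and 445 attempts are blocked for the reason goates gives, but so is the DNS lookup on UDP 53, because the "block all UDP" rule sits above everything else; a default-block policy has to list every protocol a machine legitimately needs, not just the obvious TCP ports.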

goates
7th May 2004, 18:51
Another way to control outbound traffic is to use a software firewall on your computer. Let the netgear router stop any inbound Blaster/Sasser type attacks etc. and use the software firewall to control programs on your computer. Zone Alarm and Norton Personal Firewall are quite easy to set up and, after a week or so of use, very unobtrusive. Whenever Zone Alarm et al detects a program trying to get out, they ask you whether it should be allowed. Many can also be set to completely shut down all internet access after a certain period of inactivity.

You should definitely take HelenD's advice to block all traffic on ports 135-139 as these are used by Windows' LAN networking software. There is no need for local network traffic to get out onto the net and hackers love to scan these ports for vulnerable computers.

goates

Saab Dastard
7th May 2004, 20:03
Evo,

You might like to check your system vulnerability (or otherwise) Here (https://grc.com/x/ne.dll?bh0bkyd2)

SD

Evo
8th May 2004, 08:17
OK, after about an hour playing last night I've decided that my idea of "block all, open what I need" was Really Dumb. I blocked everything, the firewall log filled up in about 10 seconds and despite opening assorted obvious ports everything still stopped working. goates' idea is much more sensible. :O

I think that I'll try blocking a few specific ports on the hardware firewall that I know I really never want stuff going out on - thanks for the suggestions Helen. For the rest, I'll allow it and hope that Zone Alarm blocks any nasty stuff.

Saab - I've given the firewall a good blasting from outside using the excellent nmap (http://www.insecure.org/nmap/). It's solid, as far as I can tell (and the grc.com tests pass too). I was wondering if I can get the firewall to prevent nasty stuff getting out.


(edit: what's the difference between TCP and UDP? Does anything need to send UDP packets out?)

Lost_luggage34
8th May 2004, 10:26
Evo,
TCP is a connection-orientated protocol, UDP is connectionless.

Basically this means for TCP, every lump of data that is sent has to be acknowledged, there is flow control, guaranteed delivery of data etc., but more overhead as a result.

For UDP, also known as 'say it and spray it', data delivery is on a best-effort basis, i.e. no explicit acknowledgement of data, no explicit flow control etc., but less overhead.

Examples of TCP : SMTP (Email), Telnet (Remote login), FTP (File Transfer)

Examples of UDP : TFTP (basic file transfer), SNMP (Network Management), DNS (name resolution).

So, TCP is used for Email as it's important that delivery is guaranteed.

UDP is used for DNS, so say when you look for www.pprune.org and DNS goes off to find the IP address, it's less important if the data is lost as your browser will just have another go.

It's a tad more complex than that but I was trying to keep it understandable!

Cheers
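The connection-oriented versus connectionless distinction Lost_luggage34 describes can be seen directly with loopback sockets. The script below is an added example, not part of the thread: a TCP connect to a port with no listener is explicitly refused (the handshake never completes), while a UDP sendto to the same situation "succeeds" and the datagram is silently dropped. The last function plays out the DNS case in the post: a constructed lossy responder discards the first query, and the client gets its answer only because it times out and "has another go". The responder, its reply address 192.0.2.1 and the query text are all constructed stand-ins, not real DNS.

```python
import socket
import threading


def free_loopback_port(kind):
    """Bind to port 0 to learn an unused loopback port, then release it so
    nothing is listening there when the caller tries to reach it."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def tcp_to_closed_port():
    """TCP needs a handshake with a peer; with no listener the kernel answers
    with a reset and connect() raises ConnectionRefusedError."""
    port = free_loopback_port(socket.SOCK_STREAM)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(2)
        try:
            s.connect(("127.0.0.1", port))
            return "connected"
        except ConnectionRefusedError:
            return "refused"


def udp_to_closed_port():
    """UDP has no handshake: sendto() returns the byte count even though no
    process will ever read the datagram. Best effort, no acknowledgement."""
    port = free_loopback_port(socket.SOCK_DGRAM)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(b"query", ("127.0.0.1", port))


def lossy_udp_responder(sock, drop_first):
    """Constructed stand-in for a name server behind a lossy path: throws away
    the first `drop_first` queries, then answers every later one."""
    dropped = 0
    while True:
        data, peer = sock.recvfrom(512)
        if data == b"stop":          # shutdown signal from the client side
            return
        if dropped < drop_first:
            dropped += 1
            continue
        sock.sendto(b"192.0.2.1", peer)   # constructed answer (TEST-NET-1 address)


def udp_query_with_retry(drop_first=1, attempts=3, timeout=0.5):
    """Send a query, wait for a reply, and resend on timeout, the way a
    resolver copes with a lost datagram. Returns (reply, attempts_used)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    addr = server.getsockname()
    worker = threading.Thread(target=lossy_udp_responder,
                              args=(server, drop_first), daemon=True)
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)
    try:
        for n in range(1, attempts + 1):
            client.sendto(b"A? www.example.org", addr)   # constructed query text
            try:
                reply, _ = client.recvfrom(512)
                return reply.decode(), n
            except socket.timeout:
                continue                                 # lost: have another go
        return None, attempts
    finally:
        client.sendto(b"stop", addr)
        worker.join(1)
        client.close()
        server.close()


if __name__ == "__main__":
    print("TCP to closed port:", tcp_to_closed_port())
    print("UDP to closed port, bytes 'sent':", udp_to_closed_port())
    print("UDP query over lossy path:", udp_query_with_retry())
```

The retry loop is where the "less important if the data is lost" remark lands in practice: the protocol gives no signal that the first datagram vanished, so the application's own timeout is the only recovery mechanism, which is also why a firewall that blocks all UDP makes name lookups look like a slow machine rather than an outright error.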

Evo
8th May 2004, 10:49
Lost_luggage - thanks, that's a very clear explanation. I've heard the two terms used before, but wasn't quite sure what they were :confused:

Lost_luggage34
8th May 2004, 20:10
Very welcome Evo!

Perhaps my memory isn't all that bad after all!